Unauthorized Aadhaar Database Access Can be Bought: Report

“Putting aside the question of the report’s validity, Aadhaar may at this point be too big to fail, even if it does have serious security vulnerabilities.”

India’s Aadhaar is the largest government-led biometric ID program in the world, and it can be hacked for about eight bucks.Unauthorized Aadhaar Database Access Can be Bought: Report

That’s the allegation of one domestic newspaper, whose reporters say they were able to gain access to the Aadhaar database with a username and password acquired from an individual over WhatsApp for Rs 500, or about $8 USD. Meanwhile, another news report exposed a security loophole allowing any Aadhaar administrator to grant access to the database to any other individual, who would then have access to a range of information for Aadhaar registrants – of whom there about 1.2 billion – though not their biometric data.

While many have voiced concerns about the dangers inherent in collecting such a vast amount of citizens’ data in a central, government-run database, few are likely to have anticipated that it could be so easily compromised. For its part, the Unique Identification Authority of India (UIDAI), which administrates the program, has been attempting to spin these reports as matters of ‘unauthorized access’, and not hacks; meanwhile, India’s governing party called the paid access report “fake news.”

Putting aside the question of the report’s validity, Aadhaar may at this point be too big to fail, even if it does have serious security vulnerabilities. The system is used for a wide and growing number of applications in India, from issuing death certificates to tracking Amazon packages, and even – unofficially – authenticating johns in the sex trade. Thus there is now more pressure than ever on the UIDAI to beef up its security.

Sources: Gizmodo, BuzzFeed

January 5, 2018 – by Alex Perala